Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ## Last changed: 2021-02-12 22:16:21 UTC
- version 12.3X48-D105.4;
- system {
- root-authentication {
- }
- name-server {
- 208.67.222.222;
- 208.67.220.220;
- }
- services {
- ssh;
- telnet;
- xnm-clear-text;
- web-management {
- http {
- port 80;
- interface ge-0/0/0.0;
- }
- }
- dhcp {
- pool 192.168.16.0/24 {
- address-range low 192.168.16.186 high 192.168.16.254;
- router {
- 192.168.16.1;
- }
- propagate-settings ge-0/0/1.0;
- }
- pool 192.168.0.0/24 {
- address-range low 192.168.0.100 high 192.168.0.254;
- router {
- 192.168.0.1;
- }
- propagate-settings ge-0/0/3.0;
- }
- }
- }
- syslog {
- archive size 100k files 3;
- user * {
- any emergency;
- }
- file messages {
- any critical;
- authorization info;
- }
- file interactive-commands {
- interactive-commands error;
- }
- }
- max-configurations-on-flash 5;
- max-configuration-rollbacks 5;
- license {
- autoupdate {
- url https://ae1.juniper.net/junos/key_retrieval;
- }
- }
- }
- security {
- screen {
- ids-option untrust-screen {
- icmp {
- ping-death;
- }
- ip {
- source-route-option;
- tear-drop;
- }
- tcp {
- syn-flood {
- alarm-threshold 1024;
- attack-threshold 200;
- source-threshold 1024;
- destination-threshold 2048;
- timeout 20;
- }
- land;
- }
- }
- }
- nat {
- source {
- rule-set trust-to-untrust {
- from zone trust;
- to zone untrust;
- rule source-nat-rule {
- match {
- source-address 0.0.0.0/0;
- destination-address 0.0.0.0/0;
- }
- then {
- source-nat {
- interface;
- }
- }
- }
- }
- }
- }
- policies {
- from-zone trust to-zone untrust {
- policy trust-to-untrust {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- from-zone trust to-zone trust {
- policy trust-to-trust {
- match {
- source-address any;
- destination-address any;
- application any;
- }
- then {
- permit;
- }
- }
- }
- }
- zones {
- security-zone trust {
- address-book {
- address local-addreses 192.168.0.0/24;
- }
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- interfaces {
- ge-0/0/1.0;
- ge-0/0/2.0;
- ge-0/0/3.0 {
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- }
- }
- }
- security-zone untrust {
- screen untrust-screen;
- interfaces {
- ge-0/0/0.0 {
- host-inbound-traffic {
- system-services {
- all;
- }
- protocols {
- all;
- }
- }
- }
- }
- }
- }
- }
- interfaces {
- ge-0/0/0 {
- description Uplink;
- unit 0 {
- family inet {
- address 192.168.16.4/24;
- }
- }
- }
- ge-0/0/1 {
- description EI;
- vlan-tagging;
- unit 0 {
- vlan-id 3;
- family inet;
- }
- }
- ge-0/0/2 {
- unit 0 {
- family inet {
- address 192.168.2.1/24;
- }
- }
- }
- ge-0/0/3 {
- description OS;
- speed 1g;
- link-mode full-duplex;
- gigether-options {
- auto-negotiation;
- }
- unit 0 {
- family inet {
- address 192.168.0.1/24;
- }
- }
- }
- }
- routing-options {
- static {
- route 0.0.0.0/0 next-hop 192.168.16.1;
- }
- }
- firewall {
- family inet {
- filter common-filter {
- term traff {
- from {
- interface ge-0/0/0;
- }
- then {
- routing-instance to-untrust; ## 'to-untrust' is not defined
- }
- }
- term default {
- then accept;
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement